Skip to main content

prefect_azure.credentials

Credential classes used to perform authenticated interactions with Azure

Classes

AzureBlobStorageCredentials

Stores credentials for authenticating with Azure Blob Storage. Authentication can be done using one of the following methods:
  1. Connection string: Provide a connection string for your Azure storage account.
  2. Account URL with DefaultAzureCredential: Provide an account URL and credentials will be discovered automatically using DefaultAzureCredential.
  3. Account URL with Service Principal: Provide an account URL along with client_id, tenant_id, and client_secret for service principal authentication.
Args:
  • account_url: The URL for your Azure storage account. Required for DefaultAzureCredential or service principal authentication.
  • connection_string: The connection string to your Azure storage account. If provided, the connection string will take precedence over the account URL.
  • client_id: The service principal client ID. If provided, tenant_id and client_secret must also be provided.
  • tenant_id: The service principal tenant ID. If provided, client_id and client_secret must also be provided.
  • client_secret: The service principal client secret. If provided, client_id and tenant_id must also be provided.
Methods:

aclose 

aclose(self)
Cleanup resources.

check_connection_string_or_account_url 

check_connection_string_or_account_url(cls, values: Dict[str, Any]) -> Dict[str, Any]
Validates authentication configuration. Valid configurations:
  1. connection_string only (no account_url, no SPN fields)
  2. account_url only (uses DefaultAzureCredential)
  3. account_url + client_id + tenant_id + client_secret (SPN auth)

get_blob_client 

get_blob_client(self, container: str, blob: str) -> 'BlobClient'
Returns an authenticated Blob client that can be used to download and upload blobs. Args:
  • container: Name of the Blob Storage container to retrieve from.
  • blob: Name of the blob within this container to retrieve.

get_client 

get_client(self) -> 'BlobServiceClient'
Returns an authenticated base Blob Service client that can be used to create other clients for Azure services.

get_container_client 

get_container_client(self, container: str) -> 'ContainerClient'
Returns an authenticated Container client that can be used to create clients for Azure services. Args:
  • container: Name of the Blob Storage container to retrieve from.

AzureCosmosDbCredentials

Block used to manage Cosmos DB authentication with Azure. Azure authentication is handled via the azure module through a connection string. Args:
  • connection_string: Includes the authorization information required.
Methods:

get_client 

get_client(self) -> 'CosmosClient'
Returns an authenticated Cosmos client that can be used to create other clients for Azure services.

get_container_client 

get_container_client(self, container: str, database: str) -> 'ContainerProxy'
Returns an authenticated Container client used for querying. Args:
  • container: Name of the Cosmos DB container to retrieve from.
  • database: Name of the Cosmos DB database.

get_database_client 

get_database_client(self, database: str) -> 'DatabaseProxy'
Returns an authenticated Database client. Args:
  • database: Name of the database.

AzureMlCredentials

Block used to manage authentication with AzureML. Azure authentication is handled via the azure module. Args:
  • tenant_id: The active directory tenant that the service identity belongs to.
  • service_principal_id: The service principal ID.
  • service_principal_password: The service principal password/key.
  • subscription_id: The Azure subscription ID containing the workspace.
  • resource_group: The resource group containing the workspace.
  • workspace_name: The existing workspace name.
Methods:

get_workspace 

get_workspace(self) -> 'Workspace'
Returns an authenticated base Workspace that can be used in Azure’s Datasets and Datastores.

AzureContainerInstanceCredentials

Block used to manage Azure Container Instances authentication. Stores Azure Service Principal authentication data. Methods:

get_container_client 

get_container_client(self, subscription_id: str)
Creates an Azure Container Instances client initialized with data from this block’s fields and a provided Azure subscription ID. Args:
  • subscription_id: A valid Azure subscription ID.
Returns:
  • An initialized ContainerInstanceManagementClient

get_resource_client 

get_resource_client(self, subscription_id: str)
Creates an Azure resource management client initialized with data from this block’s fields and a provided Azure subscription ID. Args:
  • subscription_id: A valid Azure subscription ID.
Returns:
  • An initialized ResourceManagementClient

validate_credential_kwargs 

validate_credential_kwargs(cls, values)
Validates that if any of client_id, tenant_id, or client_secret are provided, all must be provided.

AzureDevopsCredentials

Block used to authenticate with Azure DevOps using a Personal Access Token. Attributes:
  • token: A Personal Access Token generated from Azure DevOps.
Methods:

get_auth_header 

get_auth_header(self) -> Dict[str, str]
Returns an HTTP Authorization header using the stored PAT. This can be used for Azure DevOps REST API calls.